Description of problem: Ovirt-imageIO-daemon is missing 54322 open port rule. This causes a failure when trying to upload images. Version-Release number of selected component (if applicable): Ovirt-Node-ng-4.1.5 How reproducible: Fresh install of Ovirt Node NG Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: Edit VDSM XML in /usr/lib/firewalld/services/vdsm.xml to open the imageIO daemon. Workaround is to run "firewall-cmd --zone=public --permanent --add-port=54322/tcp; firewall-cmd --reload" on each node in production.
Actually, https://github.com/firewalld/firewalld/blob/master/config/services/ovirt-imageio.xml should provide this port independently. This should be already available in CentOS-7.4's firewalld. With which one have you been testing?
The question is whether this is in the node preset, and whether we have a 7.4 node yet. I'm on PTO and can't check until Tuesday. Yuval, can you look at this?
Node is running 7.3.1611 from the Node-NG 4.1.5 image that was published.
Checked on rhvh-4.1-0.20171012.0+1 Test versions: [root@dhcp-8-109 ~]# imgbase w You are on rhvh-4.1-0.20171012.0+1 Test steps: 1. Fresh install rhvh 2. Check ovirt-imageio XML under firewalld [root@dhcp-8-109 ~]# cat /usr/lib/firewalld/services/ovirt-imageio.xml <?xml version="1.0" encoding="utf-8"?> <service> <short>oVirt Image I/O</short> <description>oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment.</description> <port protocol="tcp" port="54322"/> </service> 3. After registering to engine, check 54322 port is open [root@dhcp-8-109 ~]# iptables -L -x -n Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:54321 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:54322 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:161 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:16514 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 2223 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5900:6923 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 49152:49216 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6081 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6081 4. Upload image to the storage domain, upload can be successfully Thus, this bug can be verified on rhvh-4.1-0.20171012.0